Thursday, April 18, 2013

CISPA Voids Private Contracts, Undermines Rule of Law

While CISPA’s sponsors emphasize “voluntary” information sharing, the bill actually cannibalizes private contracts between cloud computing providers and their customers, which include many individuals and small businesses. CISPA’s sweeping immunity provision in subsection (b)(4) permits a provider to break its privacy promises to users with impunity. Indeed, the bill gives firms blanket immunity for all acts involving cyber threat information sharing, so long as such acts are taken in “good faith” – even if companies have not taken any reasonable steps prior to sharing information to ensure that it pertains to an actual cyber threat.

CISPA also permits government agencies to recklessly mishandle private information, providing absolutely no recourse to businesses and individuals harmed by such wrongdoing unless the violation is “willful[] or intentional[].”